#!/bin/bash
#
# LibrePortal path roots — single source of truth for the (relocatable) layout.
#
# Three independently-placeable roots, each owned by exactly one principal:
#   LP_SYSTEM_DIR      control plane — manager (libreportal) owned, 750
#                      configs/ logs/ install/ database.db ssl/ ssh/ migrate/ restore/
#   LP_CONTAINERS_DIR  live app data — container user (dockerinstall) owned (rootless)
#   LP_BACKUPS_DIR     restic/kopia repos — container user owned (separable / own mount)
#
# Each root is taken from the environment when it is set and non-empty (the
# install bakes them into the task-processor systemd unit, and the CLI/app
# inherit them from init.sh); otherwise it falls back to /libreportal-*.
# A custom location is chosen at INSTALL time and baked by root — never read at
# runtime from a manager-writable config.
#
# SECURITY: the root-owned helpers under /usr/local/lib/libreportal/ do NOT source
# this file. They get the paths baked in at install (sed placeholders), so the
# manager cannot redirect a root `chown`/`chmod` by editing config. This file is
# only for the manager-run code (app, CLI, task processor), which runs without
# extra privilege.
#
# NOTE(review): values arriving through the environment are used verbatim below
# (nothing here checks that they are absolute or strips a trailing slash), so
# their trustworthiness rests entirely on the install-time baking described
# above. Keep it that way: do not source this file from anything privileged.
#
# Mirror copy: init.sh derives the same vars inline (it is self-contained for the
# bare /root/init.sh reinstall case, where scripts/ isn't alongside). Keep the two
# derivations in sync.

# --- Resolve the three roots ------------------------------------------------
# Transitional compat: an EXISTING install (the legacy single /docker tree,
# identified by its config marker) keeps using /docker until a deliberate
# reinstall to the split layout — so deploying new code never strands a running
# box. Fresh installs (no marker) get the /libreportal-* split.
#
# NOTE(review): legacy detection only runs when LP_SYSTEM_DIR is absent from the
# environment. If the environment supplies LP_SYSTEM_DIR but not the other two
# roots, those two take the /libreportal-* defaults regardless of where
# LP_SYSTEM_DIR points — confirm the installer always bakes all three together.
if [[ -n "${LP_SYSTEM_DIR:-}" ]]; then
  : # system root supplied by the environment; leave it untouched
elif [[ -e /libreportal-system || ! -f /docker/configs/general/general_docker_install ]]; then
  # Split layout already present, or no legacy marker: use the split layout.
  LP_SYSTEM_DIR=/libreportal-system
else
  # Legacy marker found and no split tree: stay on the single /docker tree,
  # filling in the legacy data/backup roots only where none was provided.
  LP_SYSTEM_DIR=/docker
  [[ -n "${LP_CONTAINERS_DIR:-}" ]] || LP_CONTAINERS_DIR=/docker/containers
  [[ -n "${LP_BACKUPS_DIR:-}" ]] || LP_BACKUPS_DIR=/docker/backups
fi

# Split-layout defaults for whichever data/backup root is still unset or empty.
[[ -n "${LP_CONTAINERS_DIR:-}" ]] || LP_CONTAINERS_DIR=/libreportal-containers
[[ -n "${LP_BACKUPS_DIR:-}" ]] || LP_BACKUPS_DIR=/libreportal-backups

# --- Derived: system tree (manager-owned). docker_dir is the legacy name. ---
system_dir="${LP_SYSTEM_DIR}"
docker_dir="${system_dir}"

# Entries ending in "/" carry the trailing slash as part of their value;
# migrate_dir, restore_dir and script_dir deliberately do not.
configs_dir="${system_dir}/configs/"
logs_dir="${system_dir}/logs/"
ssl_dir="${system_dir}/ssl/"
ssh_dir="${system_dir}/ssh/"
wireguard_dir="${system_dir}/wireguard/"
migrate_dir="${system_dir}/migrate"
restore_dir="${system_dir}/restore"

# Install payload lives under the system root; its subtrees hang off script_dir.
script_dir="${system_dir}/install"
install_configs_dir="${script_dir}/configs/"
install_containers_dir="${script_dir}/containers/"
install_scripts_dir="${script_dir}/scripts/"

# --- Derived: data tree (container-user-owned) — the root IS the dir ---------
containers_dir="${LP_CONTAINERS_DIR}/"

# --- Derived: backups tree (container-user-owned; own mount-able) -----------
backup_dir="${LP_BACKUPS_DIR}"

# --- Control-plane manager user (configurable; baked into helpers at install) -
# The systemd unit + CLI wrapper export LP_MANAGER_USER; when it is unset or
# empty the name defaults to libreportal.
if [[ -n "${LP_MANAGER_USER:-}" ]]; then
  sudo_user_name="${LP_MANAGER_USER}"
else
  sudo_user_name=libreportal
fi